
Raindog_13

Posted 16 September 2005 - 10:23 AM

Thanks a lot for your help.

C:\Documents and Settings\User\Desktop\rkfiles

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\popcorn320.exe: FSG!
C:\WINDOWS\system32\svc.exe: FSG!
C:\WINDOWS\system32\sys1949.exe: FSG!
C:\WINDOWS\system32\sys2349.exe: FSG!
C:\WINDOWS\system32\winctrl64.exe: FSG!
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213

Dragon

Posted 17 September 2005 - 06:56 AM

Click Here to download TheKillbox. Extract TheKillBox.exe from the zip file and double click it to open it up. In the 'Enter Full Path and Filename to Delete' box, copy and paste these entries one by one, clicking the red circle with the white X after each one:

Note: If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run: http://www.javacools...ngfilesetup.exe. Then try TheKillbox again.

Raindog_13

Posted 17 September 2005 - 09:38 PM

Thanks for your help Efwis. It seems to have taken care of the annoying website hijacking. There is one thing still that I wanted to ask about. When Windows starts up, an error message pops up saying that svc.exe cannot be found, indicating that something is still trying to run it but is not able to since it has been deleted. Is there any way to remove whatever is still trying to run it?

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Dragon

Posted 20 September 2005 - 09:19 PM

You may want to print this out for reference while doing this, as you will not have access to the internet to review your steps while doing them.

Boot to Safe Mode, next find and delete the following files:

C:\WINDOWS\System32\sys1949.exe
C:\WINDOWS\System32\sys2349.exe

Next we need to go into the Windows registry.

NOTE: It is recommended that you make a copy of the registry before you remove any entries in it. To do this, click on File>Export and save it to your desktop as something you will remember easily, in the event that the system doesn't boot into normal mode upon reboot.

Next click on Start>Run, and in the box that opens up type regedit and hit Enter.

Now navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows and look for the following entry in the right window pane:

run=C:\WINDOWS\System32\svc.exe

Right click on run and choose Delete.

Reboot your system and let me know how it's running.

NOTE: If you cannot boot into normal mode, then boot into Safe Mode and double click on the registry file you saved in step one, then reboot.
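
The registry cleanup described in the last post, as an added PowerShell example that is not part of the thread: it exports the key as a backup, then checks the legacy per-user `run` and `load` values for targets that no longer exist on disk. The `-Fix` switch, the backup file name, and the comma-separated, full-path entry format are assumptions of this example.

```powershell
# Added example (not from the thread): audit the legacy per-user "run" and
# "load" autostart values and drop entries whose target file is gone.
param([switch]$Fix)   # hypothetical switch; without -Fix the script only reports

$keyPs  = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$keyReg = 'HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows'
# Assumed backup location and file name; change as needed.
$backup = Join-Path $env:USERPROFILE 'Desktop\hkcu-windows-key-backup.reg'

# Export the key first, mirroring the backup step in the post.
& reg.exe export $keyReg $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; nothing was changed.' }

$props = Get-ItemProperty -Path $keyPs
foreach ($name in 'run', 'load') {
    $value = [string]$props.$name
    if (-not $value.Trim()) { continue }          # value absent or empty

    # Simplifying assumption: multiple programs are comma-separated and
    # each entry is a full path with no arguments.
    $entries = $value.Split(',') | ForEach-Object { $_.Trim().Trim('"') } |
               Where-Object { $_ }
    $keep = @(); $stale = @()
    foreach ($entry in $entries) {
        $path = [Environment]::ExpandEnvironmentVariables($entry)
        if (Test-Path -LiteralPath $path -PathType Leaf) { $keep += $entry }
        else { $stale += $entry }
    }

    foreach ($entry in $stale) { Write-Output "$name -> missing target: $entry" }
    foreach ($entry in $keep)  { Write-Output "$name -> present, review: $entry" }

    if ($Fix -and $stale.Count -gt 0) {
        if ($keep.Count -gt 0) {
            # Keep the entries that still resolve to a file.
            Set-ItemProperty -Path $keyPs -Name $name -Value ($keep -join ',')
        } else {
            # Nothing valid left, so delete the value itself.
            Remove-ItemProperty -Path $keyPs -Name $name
        }
        Write-Output "$name -> removed $($stale.Count) stale entries; backup: $backup"
    }
}
```

Entries reported as present are only confirmed to exist on disk, so each one still needs to be identified before it is trusted.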